Embodiments of the present invention generally relate to payment systems. More specifically, embodiments of the present invention relate to securely authorizing a financial transaction utilizing an electronic payment credential.
Various forms of wireless or contactless devices have been introduced for use in various types of transactions. For example, contactless transaction initiation is often performed with a “smart” card or other device such as a key fob or a mobile device such as a cell phone or Personal Digital Assistant (PDA) containing a memory and a processor. Such a card or device typically also includes Radio-Frequency IDentification (“RFID”) or Near-Field Communications (NFC) components for contactless communication with a Point-Of-Sale (POS) device. The information stored in the memory of the device and communicated via the RFID or NFC components to the POS device is generally similar or identical to the information recorded on the magnetic stripe of a card, i.e., account number etc. Thus, in some cases, such devices may be utilized instead of more conventional cards.
Conveniently, accounts represented by information stored in such electronic devices, i.e., an electronic payment credential, can be programmed or provisioned to the electronic device in many different ways. For example, the information or credential can be downloaded to the device over-the-air, e.g., via a wireless connection with a service provider's network, pre-programmed onto the device, downloaded to the device from a client computer, manually entered by a user of the device, etc. However, it is important to assure that the account information is not provisioned to or used by electronic devices which are not authorized to utilize that account information. For example, a particular electronic credential may be authorized for use on one or a small group of electronic devices. To prevent theft, fraud, or accident use of the credential on devices which are not authorized to use the credential, system and methods should be used to authorize a financial transaction utilizing the electronic payment credential and the device presenting the credential.